Some vulnerabilities have been found in MyABraCaDaWeb which allow attackers
to determine the physical path of the application.

This vulnerability allows a remote user to determine the full path to the
web root directory and other potentially sensitive information. It can be
triggered by a remote user submitting a specially crafted HTTP request, such
as a request for an invalid Admin ID.

Exploits :

http://[target]/index.php?IDAdmin=test

http://[target]/index.php?base=test

http://[target]/index.php?tampon=test

http://[target]/index.php?SqlQuery=test

etc...
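
A check a defender can run over saved response bodies to see whether a page
leaks server paths. This is an added example, not part of the original
advisory or of MyABraCaDaWeb; it assumes the path appears in PHP's default
error message layout, and the function names and sample bodies are constructed.

```python
import html
import re

# Assumption: the path leaks through PHP's default error layout,
#   "<Level>: <message> in <file> on line <N>"
# (level, file and line are wrapped in <b> tags when html_errors is on).
PHP_ERROR = re.compile(
    r"(?P<level>Warning|Notice|Fatal error|Parse error|Deprecated)\s*:\s+"
    r"(?P<message>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])\S+?)"
    r"\s+on\s+line\s+(?P<line>\d+)",
    re.DOTALL,
)

def find_path_disclosures(body):
    """Return (level, file path, line) for each PHP error in a response body."""
    text = html.unescape(re.sub(r"</?b>", "", body))
    return [(m["level"], m["path"], int(m["line"]))
            for m in PHP_ERROR.finditer(text)]

def disclosed_dirs(bodies):
    """Sorted set of server directories revealed across several responses."""
    dirs = set()
    for body in bodies:
        for _level, path, _line in find_path_disclosures(body):
            cut = max(path.rfind("/"), path.rfind("\\"))
            dirs.add(path[:cut])
    return sorted(dirs)

# Constructed response bodies (not captured from MyABraCaDaWeb).
SAMPLE_HTML = (
    "<br />\n<b>Warning</b>:  mysql_fetch_array(): supplied argument is not "
    "a valid MySQL result resource in <b>/srv/www/example/index.php</b> "
    "on line <b>57</b><br />"
)
SAMPLE_PLAIN = ("Notice: Undefined index: base in "
                "C:\\inetpub\\example\\index.php on line 12")
SAMPLE_CLEAN = "<html><body>No results.</body></html>"

if __name__ == "__main__":
    for body in (SAMPLE_HTML, SAMPLE_PLAIN, SAMPLE_CLEAN):
        print(find_path_disclosures(body))
    print(disclosed_dirs([SAMPLE_HTML, SAMPLE_PLAIN, SAMPLE_CLEAN]))
```

A non-empty result for a production page means error output is reaching
clients; PHP's display_errors directive controls that, and log_errors keeps
the message on the server side.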

---------------------------------------

¤ Cross Site Scripting :

A Cross-Site Scripting vulnerability has been found in MyABraCaDaWeb which
allows attackers to inject script code into the search script and have it
run in the client's browser as if it were provided by the site.

This Cross-Site Scripting vulnerability is found in the keyword search page.